Why You Should Use Rule-Based Passwords

8 thoughts on “Why You Should Use Rule-Based Passwords”

  1. I’ve been using rule-based passwords for ages and they are awesome. I sometimes visit a site where I happen to have made a login years ago (and maybe even don’t remember), but still I can log in with a unique password.

    However, I do recommend against putting the variable letter in caps and at the end of the word. Now, if I have your Facebook password, it takes me at most 26×26=676 guesses to have your Twitter password, no matter how complex your formula is. The variable part should be hidden inside the password, more like eRawtsEr931, where eRa__sEr931 is constant.

    1. Sure, that’s true–but only if you are using a rule with 2 uppercase characters. You could use 3, or mix them up like you suggest, or do any number of things based on the name. Another idea (take the next letter… so F->G). Essentially, you are still making it a massive ordeal to try and crack your password… and are way less vulnerable than before. The rule above was just a simple example.

    1. This hasn’t happened to me at all yet… but I know there are some sites like this. One method is to have some rule for the time component as well. Maybe you take the year and modify it.

  2. I used rule-based passwords like this for a while, but this didn’t feel particularly secure. I’ve switched to using 1Password for all but a few services, which generates random passwords and handles them pretty well. This way, even if someone gets access to a bunch of my passwords, they can’t get the rest unless they get access to 1Password or my email account (which is 2-factor).
    I was a bit worried at first about trusting 1Password not to lose or corrupt the data, but then I realized that all my accounts are tied to the same email for reset.

    1. Yeah… I tried 1Password… but it was wayyy too much of a hassle for me. Say you want to log into an account at a friend’s house… but your phone died… you don’t even know your own passwords. Then you have to go through a clunky process to pull it up. When I watch some friends pull up 1Password on their phone just for a basic login (and it takes a pretty long time), it’s kind of funny.

      Like I mentioned, the tradeoff is one between security and convenience… there are methods that are even more secure than passwords… and even more of a hassle. All in all, for me, the 1Password approach was way too paranoid.

  3. Hi, sorry to be asking this.

    I’m trying to use your Facebook Ranking but the link’s not working.
    It’s broken, can you pls fix it 🙂
    I’ve been waiting so long, I mean from last year. Can you plss plss plsss 🙂

  4. This is awesome, man. I have been using a rule-based system for years without knowing that’s what it’s called. It’s a very different version of a rule-based system, which I’ll explain in person 🙂
